(54) Security protection for data communication

(57) According to the method of the invention, authentication of an electronic communication apparatus capable of communicating data messages with a server according to a synchronization protocol, such as SyncML, is provided. The authentication method utilized is specified in messages sent between said apparatus and said server by an authentication method indicator. Depending on the capabilities of the apparatus, the authentication method may be different for different apparatuses. Also, an electronic communication apparatus and a server for carrying out the invention are disclosed.
Description

Field of the Invention 

[0001] The present invention relates to protocols for communication of data messages between electronic apparatuses. More particularly, the present invention relates to a method for providing authentication and integrity protection when a synchronization protocol for data communication is utilized for communication of data between e.g. a client and a server. Also, the present invention relates to a server and client adapted to provide authentication and integrity protection according to the method of the invention.

Description of the Related Art 

[0002] In some situations it is preferred to communicate data between a client and a server using a standardized synchronization protocol. By utilizing the synchronization protocol it is possible to provide data communication between electronic apparatuses from different manufacturers. With the SyncML initiative a standardized data synchronization protocol is provided, which facilitates communication of data between user apparatuses of different manufacturers. Examples of a client as disclosed above are an electronic communication apparatus such as a mobile telephone, a pager, an electronic organizer, a smartphone or the like.
[0003] One example of a situation where this possibility is useful is when a device management session is to be established between an apparatus and a server using a synchronization protocol such as e.g. SyncML (SyncML-DM (SyncML-Device Management) or SyncML-DS (SyncML-Data Synchronization)). If there are any problems with the apparatus it can be connected to the server through a wire or wireless communication link. By connecting the apparatus to the server, a remote repairer can get access to the apparatus through the connection. However, the repairer may want to authenticate the apparatus before he/she starts repairing the apparatus. Also, in another situation the apparatus may need to verify an authentication made by a repairer to avoid unauthorized access to the user apparatus by a third party, such as a hacker.

[0004] Further, in many situations it is also preferred to provide integrity protection of the data sent between the communication apparatus and the server.
[0005] In the SyncML-DM specification the following security mechanisms are specified:

• Server authentication

• Client authentication

• Integrity protection

• (Confidentiality)

[0006] In the known art security protection, i.e. said security mechanisms, is based on the use of a combination of transport level and SyncML level security as indicated in Table 1 of Fig. 3, which shows security mechanisms per protocol layer. As should be noted, confidentiality is mentioned in the SyncML specification. However, it is not a requirement for the SyncML-DM.

[0007] From Table 1 of Fig. 3 it can be concluded that there are strong requirements for client authentication and integrity protection at SyncML level, since there are scenarios where there are no alternatives, such as with a SyncML protocol combined with an Obex transport protocol and a Cable or IrDA bearer layer. Also, server authentication and confidentiality are useful but not essential.

[0008] Presently, the SyncML specification specifies an authentication protocol that can be used for both client and server authentication.
[0009] The main problem with SyncML security is that it is based on a combination of username and password. This has two major disadvantages, as it gives weak security and it forces the user to handle yet another password. Also, it is difficult to generate good integrity protection keys from a password, as the entropy of a password is too small. 40-128 random bits is normal for generating a good integrity key. Using a password, this would require 50-70 symbols in a password typed on a keyboard to derive a sufficient amount of random bits.

Summary of the Invention 

[0010] It is an object of the invention to provide a flexible method for providing at least client authentication, when a synchronization protocol such as SyncML-DM/DS is utilized for communicating messages between the client and a server. More specifically, it is an object of the invention to provide client authentication in a more flexible manner than previously known, wherein neither username nor password is necessary. Yet another object is to execute client authentication based on the specific authentication capabilities of the client. Also, it is an object of the invention to provide integrity protection, in addition to authentication, using good integrity protection keys. It is preferred to render possible the use of a number of different known authentication methods to be used with the synchronization protocol. Finally, it is an object of the invention to also provide server authentication in addition to client authentication and integrity protection.

[0011] The above objects are achieved in that an authentication protocol of the synchronization protocol is utilized for providing an authentication method indicator (AMI). The AMI is incorporated in a meta command of the synchronization protocol for indicating the specific type of authentication method used in each particular case. The authentication method may be preset, or individually determined by the server based on an initialization message sent by the apparatus for indicating e.g. its authentication capabilities, and establishing a connection. Any data relating to the determined authentication method are incorporated in a data string of the protocol when messages are communicated.
[0012] According to the invention, it is a further object to provide a client, such as an electronic communication apparatus, adapted to provide at least client authentication when the synchronization protocol is used for communicating messages to the server.
[0013] According to the invention, the above objects are achieved by an electronic communication apparatus adapted to indicate e.g. its authentication capabilities to the server in an initialization message. Further, the apparatus is adapted to execute authentication according to the authentication technique indicated by the AMI of a message received from the server. Also, the apparatus is adapted to generate a response to the message to be transmitted to the server. For providing integrity protection, the apparatus is adapted to generate good integrity protection keys according to the indicated method.
[0014] A further object of the invention is to provide a server adapted to provide at least client authentication using any of a number of known authentication techniques based on the authentication capabilities of the apparatus.
[0015] The above objects are achieved by a server adapted to receive the initialization message (for client authentication) or send an initialization message (for server authentication). The server is adapted to determine the specific authentication method to be used based on the authentication capabilities of the apparatus. Further, the server is adapted to execute authentication according to the determined authentication method or according to a preset authentication method, which is incorporated in the AMI of the message. Also, the server is adapted to incorporate any authentication data relating to the specified authentication method in a data string of the message. To provide integrity protection, the server is adapted to generate an IK according to the authentication method/scheme used.
[0016] A further aspect of the invention is to utilize good integrity keys (IK) generated by the server and client, respectively, which will provide integrity protection in addition to authentication. The integrity key is generated according to the authentication scheme used or separately by the server or the client. The authentication method/scheme may be GSM SIM, UMTS USIM, SecurID, SafeWord, WPKI, WIM, etc. Further, USIM authentication has the advantage of providing mutual authentication, i.e. server authentication and client authentication in addition to integrity protection.
[0017] The method according to the invention has the advantage of being flexible, as more than one authentication method may be used when the SyncML-DM/DS protocol is utilized for transmitting data messages between the apparatus and the server. Also, no user name or user identity is necessary for carrying out client and/or server authentication. Further, good integrity keys may be derived from the authentication scheme to provide integrity protection independently from any user name or user id. By utilizing the method of the invention, anti-replay protection may be provided without the need for synchronized counters in both client and server.
[0018] Further preferred features of the invention are defined in the dependent claims.
[0019] It should be emphasized that the term "comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps, components or groups thereof.

Brief Description of the Drawings 

[0020] Preferred embodiments of the present invention will now be described in more detail with reference to the accompanying drawings, in which:

Fig. 1 shows a mobile telephone connected to a number of servers, which are adapted to provide authentication according to the invention;
Fig. 2 is a flow chart of an exemplifying authentication process according to the invention;
Fig. 3 is a table showing security mechanisms per protocol layer;
Fig. 4 illustrates variables and the message flow between an electronic user equipment and a server in a SIM authentication scenario; and
Fig. 5 illustrates variables and the message flow between an electronic user equipment and a server in a USIM authentication scenario.

Detailed Description of Embodiments 

[0021] The present invention provides a method for client authentication and integrity protection of communicated data between e.g. a client, such as an electronic user apparatus, and a server when a standardized synchronization protocol such as SyncML-DM/DS is used.
[0022] A mobile telephone 1 is an example of an electronic user apparatus. For convenience, reference will therefore be made to a mobile telephone 1 throughout this description. However, this is only for exemplifying purposes and is not considered to limit the scope of the invention.

[0023] An exemplary mobile telephone 1 comprising in a normal fashion a display 10, a keypad 11, a loudspeaker 12, and a microphone 13 is shown in Fig. 1. The components together form a man-machine interface, through which a user of the mobile telephone 1 may interact with and operate the mobile telephone 1. Further, the mobile telephone 1 comprises an antenna 14 for establishing a wireless communication link 20 with a mobile telecommunication network 21. The mobile telecommunication network 21 may e.g. be a GSM network ("Global System for Mobile communications") or a UMTS network ("Universal Mobile Telephone System"). The mobile telephone 1 is adapted to communicate data through the mobile telecommunication network 21 using a standardized synchronization protocol such as SyncML-DM/DS. Data can be communicated through a wire based or wireless connection 30 between the mobile telephone 1 and a server 31 connected to the telecommunication network 21.
[0024] Moreover, the mobile telephone 1 of the embodiment shown in Fig. 1 comprises an infrared interface 15, such as an IrDA port, by means of which the mobile telephone 1 may be connected through an infrared link 40 to a second server 41 for communicating data using a synchronization protocol, such as SyncML-DM/DS.

[0025] The mobile telephone 1 also comprises a system or accessories connector 16, by means of which the mobile telephone 1 may be connected, through e.g. a serial cable 50, to a third server 51, for communicating data using a synchronization protocol, such as SyncML-DM/DS.

[0026] Additionally, the mobile telephone 1 comprises a second antenna 17 for establishing a short-range radio link 60, such as a Bluetooth link, to a fourth server 61, for communicating data using a synchronization protocol.

[0027] As is understood, not all mobile telephones 1 of the invention have all the above mentioned communication possibilities for communicating data, but can have one or more in different embodiments. Also, the server may be embodied as a pc (personal computer), or another electronic user apparatus adapted to communicate data according to a synchronization protocol, such as SyncML-DM/DS.

[0028] At SyncML level of data transmission between the mobile telephone 1 and the server 31, 41, 51, 61, authentication is provided by utilizing the SyncML-DM/DS protocol for carrying information of the authentication method to be used, such as SIM/USIM authentication, which will be further disclosed below. According to the invention, a number of different authentication methods may be utilized when the SyncML-DM/DS protocol is used for communicating messages. The authentication method to be used is specified according to the same principles as in the existing SyncML-DM/DS authentication protocol, although in a much more flexible manner. For signaling the authentication method being used, an authentication method indicator (AMI), sometimes referred to as the mechanism, is provided when the SyncML-DM/DS protocol is utilized. The AMI substitutes the authentication directive of the meta command of the conventional SyncML-DM/DS protocol when data is communicated according to the SyncML-DM/DS protocol. Further, any data relating to the specific authentication method utilized is incorporated in a data string of the message sent according to the SyncML-DM/DS protocol.

[0029] In one embodiment of the invention GSM SIM or UMTS USIM authentication and integrity protection is utilized. This provides authentication of the mobile telephone 1 and integrity protection of data sent between said telephone 1 and the server 31, 41, 51, 61. Also, USIM authentication provides the additional possibility of server authentication. As should be noticed, other authentication techniques are equally well possible, such as PKI based schemes, e.g. WPKI and WIM, and proprietary authentication token technology, e.g. SecurID or SafeWord as the authentication method.
[0030] The AMI is a variable indicating the algorithm(s) used to produce the message digest of the message being sent using the SyncML-DM/DS protocol, and the specific authentication method, which is to be specified. The value of the AMI depends on the authentication method used. As is indicated above, the mobile telephone 1 may be adapted to execute authentication according to one or more authentication methods.
[0031] In the following, an exemplary embodiment according to the invention will be presented, wherein the message flow between the mobile telephone 1 and the server 31, 41, 51, 61 is disclosed. In the exemplary embodiment, SIM/USIM authentication and integrity protection will be described with reference to Figs. 2, 4, and 5.

[0032] At a first step 100 of Fig. 2, an initializing message, indicated as "Initial L3 message" in Figs. 4 and 5, is sent from the mobile telephone 1 to the server 31, 41, 51, 61. The general purpose of the initialization message is to establish a connection between the mobile telephone 1 and the server 31, 41, 51, 61. Also, said message may comprise other information, such as information of the type of device that sent the initialization message, and the identity of the mobile telephone 1 such as IMSI (international mobile subscriber identity) and Ki (subscriber authentication key). The AMI, or a list of AMIs for indicating more than one authentication capability, can be incorporated in the initialization message for indicating the authentication capabilities of the mobile telephone 1. As should be noted, the server 31, 41, 51, 61 may also initiate the establishing of a connection between said server and the mobile telephone 1. This is executed in that the server 31, 41, 51, 61 transmits a server initialization message to the mobile telephone 1, whereupon said telephone 1 transmits the initialization message when the server initialization message is received.

[0033] Depending on e.g. the type of device sending the first message, type of data bearer and transport protocol, the server 31, 41, 51, 61 determines at step 101 the security level and type of security mechanism, such as SIM/USIM authentication, to be used. However, the security mechanism may equally well be preset, wherein the server 31, 41, 51, 61 does not need to determine the authentication capabilities of the mobile telephone 1. In this embodiment, the server 31, 41, 51, 61 determines that the mobile telephone 1 capable of performing SIM/USIM authentication sent the message. Therefore, the server 31, 41, 51, 61 starts SIM/USIM authentication at 102 by transmitting an authentication request comprising the subscriber identity (IMSI, Ki) to an AUC (authentication center) for deriving authentication variables (AVs), possibly via a home location register (HLR). Based on the IMSI, the AUC generates authentication data, such as a challenge, which in this embodiment is a random number, or obtains a stored challenge based on the IMSI. Also, the AUC generates an XRES (expected result), based on the challenge and the Ki, or obtains a stored XRES by means of the IMSI. The XRES will be used in a later step for finalizing the authentication.
[0034] In an alternative embodiment, the AUC also generates a CK/IK (cipher key/integrity key) based on the Ki and the challenge, which can be stored together with the XRES and the authentication data at the AUC and/or the server 31, 41, 51, 61 and utilized for integrity protection.

[0035] At step 103, the authentication data, XRES and CK/IK are then transmitted to the server, which is adapted to transmit the authentication data to the mobile telephone 1 in the data string of the message according to the SyncML-DM/DS protocol. Also, the value of the AMI, indicating the type of security mechanism used for generating the authentication data, XRES and CK/IK for authentication and integrity protection, i.e. SIM/USIM authentication in this embodiment, is incorporated into the message sent to the mobile telephone 1, as disclosed above.

[0036] After receiving the AMI and the authentication data, the mobile telephone determines the authentication method to be used by evaluating the AMI and performs the steps necessary according to the specific authentication method to create a response to be sent to the server 31, 41, 51, 61. Alternatively, the authentication method may be predetermined. As the steps necessary for executing SIM/USIM authentication at the mobile telephone 1 form no essential part of the invention per se, they will only be disclosed briefly in the following.

[0037] In the exemplifying embodiment, the mobile telephone 1, at step 104, generates a response by transmitting the authentication data to the SIM/USIM of the mobile telephone 1. The SIM/USIM generates, based on the Ki of the subscription stored on the SIM/USIM and the authentication data, a response corresponding to the XRES stored in the server.
[0038] In an alternative embodiment, integrity protection is also provided at step 105 if required. Therefore a shared secret key is required. In the embodiment where SIM/USIM is used as the authentication scheme, integrity protection using the CK/IK as good integrity keys is possible. Therefore, the mobile telephone 1 requests a CK/IK from the SIM/USIM, which generates a second integrity key based on the Ki and the value of the authentication data. Consequently, executing an authentication procedure, such as the GSM authentication procedure, or the UMTS AKA, which per se are believed to be known to the man skilled in the art, provides the CK/IK. As is also understood, the CK of GSM authentication is used as an integrity key correspondingly to the IK of UMTS authentication.

[0039] A hashing function, such as SHA-1 or MD5, can be utilized by the mobile telephone 1 for the integrity protection in the alternative embodiment. A value of a MAC parameter is computed as per RFC2104, with SHA-1 as its hashing function. However, other hashing functions may also be used according to the method of the invention. The computation of the MAC value relies upon the use of a shared secret (or key). Therefore, according to the invention, the CK/IK generated by the SIM/USIM is utilized for the integrity protection, as is well known in the art. Also, a HMAC is computed on the entire SyncML-DM/DS message. Each SyncML-DM/DS message is constructed as normal; upon completion of the message the HMAC is computed. The HMAC is located in the header of the transport protocol, e.g. HTTP, WAP or OBEX, called x-syncml-hmac, during transmission of the message.

[0040] When the response is derived, and possibly the MAC and HMAC, the response is incorporated in the data string of the SyncML-DM/DS authentication protocol. Also, the AMI indicates the authentication method used, and the response message is transmitted from the mobile telephone 1 to the server 31, 41, 51, 61 at step 107. Upon reception, the server 31, 41, 51, 61 at step 108 begins the integrity control and finalizes authentication according to the authentication method specified by the AMI.

[0041] For finalizing the authentication according to SIM/USIM authentication, the server 31, 41, 51, 61 compares the response value with the value of the stored XRES for authentication control. If integrity protection is provided, the server also generates a MAC value based on the response message and the CK/IK received from the AUC to be compared with the value of the MAC sent in the data string of the SyncML-DM/DS protocol. As integrity protection per se is not an essential part of the invention, the generation of MAC values and the comparing of said values is not further disclosed here.
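The SIM/USIM exchange of steps 100 to 108, as an added example that is not part of the patent or of any SyncML implementation: the AMI and the data string are modelled as fields of a small JSON message, the SIM and AUC algorithm is a constructed HMAC-based stand-in (the real GSM/UMTS algorithms are outside the page), and the HMAC over the whole message is the RFC 2104 / SHA-1 construction of [0039]. It also exercises the two failure cases a server has to handle, an altered response body and a replayed response.

```python
import hashlib
import hmac
import json
import secrets

# Constructed AMI value for SIM/USIM authentication; the patent only fixes
# that the indicator travels in the meta command, not its encoding.
AMI_SIM_USIM = "sim-usim"


def sim_algorithm(ki: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM/USIM and AUC algorithms (assumption: HMAC-SHA-256
    derivations replace the real GSM/UMTS algorithms). Returns the response
    (RES at the phone, XRES at the AUC) and the integrity key (CK/IK)."""
    res = hmac.new(ki, b"res|" + challenge, hashlib.sha256).digest()[:8]
    ik = hmac.new(ki, b"ik|" + challenge, hashlib.sha256).digest()[:16]
    return res, ik


def syncml_hmac(ik: bytes, message: dict) -> str:
    """HMAC per RFC 2104 with SHA-1 over the entire message ([0039]); the
    value would be carried in the x-syncml-hmac transport header."""
    body = json.dumps(message, sort_keys=True).encode()   # canonical bytes
    return hmac.new(ik, body, hashlib.sha1).hexdigest()


class AuC:
    """Authentication centre: holds Ki per IMSI, produces authentication vectors."""

    def __init__(self, subscribers: dict[str, bytes]):
        self.subscribers = subscribers

    def authentication_vector(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        challenge = secrets.token_bytes(16)                  # random challenge
        xres, ik = sim_algorithm(self.subscribers[imsi], challenge)
        return challenge, xres, ik


class Server:
    def __init__(self, auc: AuC):
        self.auc = auc
        self.pending: dict[str, tuple[bytes, bytes, bytes]] = {}

    def handle_init(self, init_msg: dict) -> dict:
        """Steps 101-103: pick the method from the AMI list, fetch the AV and
        send the AMI plus the challenge (as the data string) to the phone."""
        if AMI_SIM_USIM not in init_msg["ami_list"]:
            raise ValueError("client cannot perform SIM/USIM authentication")
        imsi = init_msg["imsi"]
        challenge, xres, ik = self.auc.authentication_vector(imsi)
        self.pending[imsi] = (challenge, xres, ik)
        return {"ami": AMI_SIM_USIM, "data": challenge.hex()}

    def handle_response(self, imsi: str, response: dict, header_hmac: str) -> bool:
        """Step 108: integrity control first, then compare RES with the stored
        XRES. A challenge is consumed once, so a replayed response fails."""
        if imsi not in self.pending or response.get("ami") != AMI_SIM_USIM:
            return False
        challenge, xres, ik = self.pending.pop(imsi)
        if not hmac.compare_digest(syncml_hmac(ik, response), header_hmac):
            return False                                     # message altered
        return hmac.compare_digest(bytes.fromhex(response["data"]), xres)


class Phone:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self.ki = imsi, ki     # Ki stays on the SIM in a real phone

    def init_message(self) -> dict:
        """Step 100: initialization message with identity and AMI list."""
        return {"imsi": self.imsi, "ami_list": [AMI_SIM_USIM]}

    def respond(self, server_msg: dict) -> tuple[dict, str]:
        """Steps 104-107: dispatch on the AMI, hand the challenge to the SIM,
        put RES in the data string and protect the whole message with HMAC."""
        if server_msg["ami"] != AMI_SIM_USIM:
            raise ValueError("unsupported authentication method indicator")
        res, ik = sim_algorithm(self.ki, bytes.fromhex(server_msg["data"]))
        response = {"ami": AMI_SIM_USIM, "data": res.hex()}
        return response, syncml_hmac(ik, response)


def demo() -> dict[str, bool]:
    """Genuine exchange, then a tampered response, then a replayed one."""
    imsi, ki = "001010123456789", b"constructed-ki-for-demo"  # constructed
    server, phone = Server(AuC({imsi: ki})), Phone(imsi, ki)

    resp, tag = phone.respond(server.handle_init(phone.init_message()))
    genuine = server.handle_response(imsi, resp, tag)

    resp2, tag2 = phone.respond(server.handle_init(phone.init_message()))
    tampered = dict(resp2, data="00" * 8)        # body changed, HMAC not
    tampered_ok = server.handle_response(imsi, tampered, tag2)

    replayed_ok = server.handle_response(imsi, resp, tag)   # challenge used up
    return {"genuine": genuine, "tampered": tampered_ok, "replayed": replayed_ok}
```

Because the integrity check runs before the XRES comparison and each challenge is dropped from the pending table once used, an altered body and a replayed response both fail without touching the subscriber key.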
[0042] If USIM authentication is utilized, the mobile telephone 1 may transmit a user authentication reject to the server 31, 41, 51, 61 if the authentication fails, as is indicated in Fig. 5.

[0043] In an alternative embodiment, the use of USIM authentication also provides the possibility of server authentication in addition to client authentication. The difference between the embodiment providing server authentication and the embodiments described above is that an additional server authentication variable AUTN (authentication token) is generated by the authentication center in addition to the challenge, CK/IK and XRES. The AUTN variable will be transmitted to the mobile telephone 1 in the data string of the message incorporating the authentication data. Also in this embodiment the AMI is used for indicating the type of authentication method utilized. When the mobile telephone 1 receives the AUTN variable, it will pass it on to the USIM, which will perform server authentication in addition to generating the response.

[0044] In other embodiments of the invention, other authentication techniques can be utilized, which will be indicated by different AMI values comprised in the message, as set out above. In each embodiment, the authentication data necessary for performing authentication, such as certificates or codes, can be transmitted from the server 31, 41, 51, 61 to the mobile telephone 1 by utilizing the data string of the message sent according to the SyncML-DM/DS protocol.
[0045] In the following, PKI based WIM authentication and integrity protection will be described briefly. In WIM authentication the initialization message is sent from the mobile telephone 1 to the server 31, 41, 51, 61, correspondingly to SIM/USIM authentication. Then the server determines, if necessary, the capabilities of the mobile telephone, wherein WIM authentication is determined as the authentication method to utilize. Then, the server generates the AMI and a challenge to be transmitted to the mobile telephone according to the same principles as have been described above. When the mobile telephone 1 receives the authentication parameters, i.e. the AMI and the challenge, the mobile telephone 1 transmits the challenge to the WIM of the mobile telephone 1, which as a result generates a response in the form of a certificate, which is stored in the WIM. A certificate authority, as is well known to the man skilled in the art, issues the certificate. The response is then transmitted to the server according to the same principles as in the previous embodiments. The result may be encrypted using a public key of the server. Finally, when the server receives the result, said server will if necessary decrypt the message using the private key of the server 31, 41, 51, 61 and authenticate the response (certificate) by transmitting an authentication request to a certificate authority (CA).

[0046] In the authentication procedure, the server 31, 41, 51, 61 will derive the public key of the mobile telephone 1 from the CA. The public key of the mobile telephone may be utilized for providing integrity protection if preferred. If so, the server 31, 41, 51, 61 will generate a good IK based on random numbers, which is incorporated in a message encrypted using the public key of the mobile telephone 1. A hashing algorithm, as described above, is used on the encrypted message, whereupon the message is encrypted with the private key of the mobile telephone. The mobile telephone 1 will receive the encrypted message, decrypt it using the public key of the server, a hashing algorithm, and the private key of the mobile telephone 1 for finalizing the integrity protection.

[0047] Other possibilities of integrity protection exist when WIM based authentication is utilized. One example is to provide the encrypted IK together with the challenge in the data string of the first message sent from the server 31, 41, 51, 61 to the mobile telephone 1, which will be incorporated in the data string of the message.



[0048] As is mentioned above, also SafeWord and SecurID are possible to use as the authentication method. These methods may be used according to the same principles as described in relation to the above embodiments and according to the following dependent and independent claims. Therefore, these authentication methods will not be described in any further detail, as messages will flow between the mobile telephone 1 and the server 31, 41, 51, 61 using the SyncML-DM/DS protocol having an AMI for indicating the authentication method and a data string for carrying any authentication data.

[0049] As an option, the authentication data can be used to prevent replay attacks. In 3GPP the server 31, 41, 51, 61 can e.g. use the equivalent of the AKA FRESH parameter as the value of the authentication data. This value, together with the nonce count parameter, is used for full anti-replay protection.

[0050] The method has been described as providing an authentication method indicator (AMI) and utilizing a data string for carrying authentication data, which relates to the specific authentication method used, in a message to be sent according to a synchronization protocol, such as the SyncML-DM/DS protocol. However, it should be noted that the method is not limited to the SyncML-DM/DS protocol. It is equally well possible to implement the method of the invention also below the SyncML layer in transport protocols such as http or Obex.


Claims 

1. A method for providing authentication when messages are sent between an electronic communication apparatus (1) and a server (31, 41, 51, 61) according to a synchronization protocol, characterized in that an authentication method indicator (AMI) is incorporated in an authentication protocol of the synchronization protocol, wherein said AMI specifies an authentication method according to which the authentication is executed.

2. The method according to claim 1, wherein the AMI is incorporated in the meta command of the synchronization protocol and based on the authentication capabilities of the apparatus (1).

3. The method according to claim 1 or 2, wherein at least one authentication capability of the electronic communication apparatus is indicated in an authentication method list of an initialization message sent to the server (31, 41, 51, 61) for establishing a connection.


4. The method according to any of the previous claims, wherein any authentication data relating to the specified authentication method is incorporated in a data string of the synchronization protocol.

5. The method according to any of the previous claims, wherein the specified authentication method is GSM SIM authentication.

6. The method according to any of the claims 1-4, wherein the specified authentication method is UMTS USIM authentication, which also provides server authentication.

7. The method according to any of the claims 1-4, wherein the specified authentication method is WPKI or WIM authentication.

8. The method according to any of the claims 1-4, wherein the specified authentication method is SecurID or SafeWord authentication.

9. The method according to any of the claims 3-7, wherein the server (31, 41, 51, 61) determines the authentication capabilities of the electronic communication apparatus (1) based on the at least one authentication method listed in the authentication method list.

10. The method according to claim 9, wherein the server (31, 41, 51, 61) executes any necessary authentication steps according to one of the at least one authentication methods indicated in the authentication method list, and prepares and transmits a message to the electronic communication apparatus (1), comprising the AMI and any authentication data relating to the specified authentication method, in the data string of the message.

11. The method according to claim 10, wherein the electronic communication apparatus (1) receives the message, executes any necessary authentication steps according to the authentication method indicated by the AMI to generate an expected result, and prepares and transmits a response to the server, comprising the AMI, and any authentication data in the data string of the message.

12. The method according to any of the claims 1-6 and 
9-11 , wherein integrity protection is provided by uti- 
lizing CKs/IKs (cipher keys/integrity keys) generat- 
ed by the electronic communication apparatus (1) 
and the server (31, 41, 51, 61), respectively, when 
SIM/USIM authentication is executed, which CK/IK 
is used for generating MAC values and using a 
hashing function for computing a HMAC on the en- 
tire message to be sent. 

1 3. The method according to any of the claims 7 or 9-1 1 , 
wherein integrity protection is provided in that the 
server generates a good integrity key, which is en- 



crypted with the public key of {he electronic commu- 
nication apparatus (1), which is generated during 
the authentication procedure, said integrity key is 
sent to said apparatus (1), and utilized for generat- 
5 ing MAC values and using a hashing function for 
computing a HMAC on the entire message to be 
sent. 

14. The method according to claim 12 or 13, wherein 
10 the MAC value is computed as per RFC2104. 

15. The method according to any of the claims 12-14, 
wherein the method utilizes SHA-1 as the hashing 
function. 

15 

16. The method according to any of the previous 
claims, wherein the protocol is the SyncML-DM pro- 
tocol or the SyncML-DS protocol. 

20 17. The method according to any of the previous 
claims, wherein the protocol is the Obex, http, or 
WSP protocol. 

18. An electronic communication apparatus adapted to 
25 provide authentication when messages are ex- 
changed with a server according to a synchroniza- 
tion protocol, characterized in that the apparatus 
is further adapted to incorporate an authentication 
method indicator (AMI) in the authentication proto- 

30 col of the synchronization protocol for indicating a 
specific type of authentication method, according to 
which the authentication is executed. 

19. The apparatus according to claim 18, wherein the 
35 apparatus (1) is further adapted to send an initiali- 
zation message to the serverfor establishing a con- 
nection, which message indicates the authentica- 
tion capabilities of the apparatus. 

40 20. The apparatus according to claim 19, wherein the 
initialization message comprises an authentication 
method list having at least one authentication meth- 
od listed, type of apparatus, and/or identity of the 
apparatus (1). 

45 

21. The apparatus according to claim 18, wherein the 
apparatus (1) is further adapted to determine the 
type of authentication method to use from the au- 
thentication method indicator of a message re- 

50 ceived from the server (31,41,51,61 ). 

22. The apparatus according to any of the claims 1 8-21 , 
wherein the apparatus (1) is further adapted to ex- 
ecute any of the steps necessary according to the 

55 specified authentication method. 

23. The apparatus according to claim 22, wherein the 
apparatus (1) is further adapted to incorporate any 
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authentication data in a data string of the message 
; to be sent according to the synchronization proto- 
col. 

24. The apparatus according to any of the claims 1 8-23, ' 
wherein the apparatus (1 ) is further adapted to pro- 
vide integrity protection by utilizing an IK (integrity 
key) for generating a MAC, and utilizing a hashing 
function for computing a HMAC on the entire mes- 
sage. 

25. The apparatus according to claim 24, wherein the 
apparatus (1 ) is adapted to compute the MAC value 
as per RFC2104. 

26. The apparatus according to claim 24 or 25, wherein 
the apparatus (1) is further adapted to utilize SHA- 
1 as the hashing function. 

27. The apparatus according to any of the claims 1 8-26, 
wherein the protocol is the SyncML-DM protocol or 
the SyncML-DS protocol. 

28. The apparatus according to any of the claims 1 8-26, 
wherein the protocol is the Obex, http, or WSP pro- 
tocol. 
29. The apparatus according to any of the claims 18-28, wherein the apparatus (1) is further adapted to utilize GSM SIM authentication as the authentication method.

30. The apparatus according to any of the claims 18-28, wherein the apparatus (1) is adapted to utilize UMTS USIM authentication as the authentication method and provide server authentication.

31. The apparatus according to any of the claims 18-28, wherein the apparatus (1) is further adapted to utilize SecurID, SafeWord, WPKI or WIM authentication as the authentication method.

32. The apparatus according to any of the claims 18-31, wherein the apparatus is a pager, an electronic organizer, or a smartphone.

33. The apparatus according to any of the claims 18-31, wherein the apparatus is a mobile telephone (1).

34. A server adapted to provide authentication when messages are exchanged with an apparatus (1) according to a synchronization protocol, characterized in that the server (31, 41, 51, 61) is further adapted to incorporate an authentication method indicator (AMI) in the authentication protocol of the synchronization protocol for indicating an authentication method, according to which the authentication is executed.

35. The server according to claim 34, wherein the server (31, 41, 51, 61) is further adapted to incorporate any authentication data in a data string of the synchronization protocol.

36. The server according to claim 34 or 35, wherein the server (31, 41, 51, 61) is further adapted to determine from a received initialization message the authentication capabilities of the apparatus (1) and further determine a specific authentication method to utilize therefrom.

37. The server according to claim 36, wherein the server (31, 41, 51, 61) is further adapted to execute authentication according to the determined authentication method.

38. The server according to any of the claims 34-37, wherein the server (31, 41, 51, 61) is further adapted to provide integrity protection by utilizing an IK (integrity key) for generating a MAC, and utilizing a hashing function for computing a HMAC.

39. The server according to claim 38, wherein the server (31, 41, 51, 61) is adapted to derive the MAC value as per RFC2104.

40. The server according to claim 38 or 39, wherein the server (31, 41, 51, 61) is further adapted to utilize SHA-1 as the hashing function.

41. The server according to any of the claims 34-40, wherein the protocol is the SyncML-DM protocol or the SyncML-DS protocol.

42. The server according to any of the claims 34-41, wherein the protocol is the Obex, http, or WSP protocol.

43. The server according to any of the claims 34-42, wherein the server (31, 41, 51, 61) is further adapted to utilize GSM SIM authentication as the authentication method.

44. The server according to any of the claims 34-42, wherein the server (31, 41, 51, 61) is further adapted to utilize UMTS USIM authentication as the authentication method and provide a server authentication variable to the electronic user equipment (1).

45. The server according to any of the claims 34-42, wherein the server is further adapted to utilize SecurID, SafeWord, WPKI or WIM authentication as the authentication method.
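The method negotiation of claims 3, 9-11 and 36 and the integrity protection of claims 12-15 and 38-40, as an added Python example that is not part of the patent: the server picks a method from the client's authentication method list, the AMI is carried in the message's Meta part, and an HMAC-SHA-1 per RFC 2104 keyed with the shared integrity key covers the entire message. The message layout, the method names in SERVER_METHODS and the IK value are constructed for illustration; in the claimed method the IK results from SIM/USIM authentication.

```python
import hashlib
import hmac

# Added example, not code from the patent. Message layout, method names and
# the IK value are constructed; in the claimed method the IK comes out of
# SIM/USIM authentication on both sides (claim 12).
IK = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed test key
SERVER_METHODS = ["USIM", "SIM", "SecurID"]             # server preference order


def select_method(client_method_list):
    """Server side (claims 9, 36): pick the first server-preferred method
    that the client advertised in its initialization message (claim 3)."""
    for method in SERVER_METHODS:
        if method in client_method_list:
            return method
    raise ValueError("no authentication method in common")


def build_message(ami, data, ik):
    """Sender side: carry the AMI in the Meta part, then append an HMAC-SHA-1
    (RFC 2104, claims 14-15) computed over the entire message so far."""
    body = f"<Meta><AMI>{ami}</AMI></Meta><Data>{data}</Data>".encode()
    mac = hmac.new(ik, body, hashlib.sha1).hexdigest()
    return body + b"<MAC>" + mac.encode() + b"</MAC>"


def verify_message(message, ik, expected_ami):
    """Receiver side: recompute the HMAC over the covered part, compare it in
    constant time, and require the AMI to match the negotiated method."""
    body, sep, tail = message.rpartition(b"<MAC>")
    if not sep or not tail.endswith(b"</MAC>"):
        return False                      # malformed or missing MAC
    received = tail[: -len(b"</MAC>")].decode()
    expected = hmac.new(ik, body, hashlib.sha1).hexdigest()
    if not hmac.compare_digest(received, expected):
        return False                      # tampered, or wrong/unknown IK
    return f"<AMI>{expected_ami}</AMI>".encode() in body


def run_exchange(client_method_list, payload="Replace ./Contacts"):
    """Full round: negotiate the method, send one protected message, verify it
    at the receiver. Returns (chosen method, verification result)."""
    ami = select_method(client_method_list)
    message = build_message(ami, payload, IK)
    return ami, verify_message(message, IK, ami)
```

A message whose Data or AMI has been altered in transit fails verification because the HMAC covers the whole message, which is the property claims 12 and 24 rely on.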